This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.

The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Enforcement Activity in the SEC’s Newly-Created Cyber Unit: The First Six Months and What’s Next

Mar 30, 2018

On March 30, 2018, Clearly Gottlieb, a law firm, released a memo that reviews the Cyber Unit’s first six months of work and previews coming attractions.

The memo notes that, so far, the unit’s attention has focused on allegedly improper trading involving hacking and cryptocurrency and ICO fraud claims. And it speculates that the next target may be cybersecurity lapses.

The memo says that the speech pointed to SEC Regulations S-P, SCI and S-ID – which require that covered entities “understand the risks they face & take reasonable steps to address those risks” – including putting “reasonable safeguards in place to address cybersecurity threats.” While noting that no cases involving failure to maintain proper cybersecurity safeguards have been brought as yet, other enforcement proceedings under those rules may provide a roadmap for future actions.